Red Hat SummitChapter 1. About updating OpenShift Service Mesh
Understand how Red Hat OpenShift Service Mesh handles updates and how product and Istio versions align. Review versioning concepts before planning an upgrade. Examine how the Red Hat OpenShift Service Mesh Operator and the Istio control plane receive updates. Review Operator channels, update workflows, and the sequence in which components update during a mesh upgrade.
1.1. Understanding versioning
Red Hat OpenShift Service Mesh follows Semantic Versioning for all product releases. Semantic Versioning uses a three-part version number in the format X.Y.Z to communicate the nature of changes in each release.
- X (Major version)
- Indicates significant updates that might include breaking changes, such as architectural shifts, API changes, or schema modifications.
- Y (Minor version)
- Introduces new features and enhancements while maintaining backward compatibility.
- Z (Patch version or z-stream release)
- Delivers critical bug fixes and security updates, such as Common Vulnerabilities and Exposures (CVEs) resolutions. Patch versions do not include new features.
1.1.1. Understanding Service Mesh and Istio versions
The most current OpenShift Service Mesh Operator version is 3.2.0. This version supports the features listed in the "Service Mesh 3.2.0 feature support tables". The OpenShift Service Mesh Operator includes additional Istio releases for upgrades but supports only the latest Istio version available for each Operator version. See the "Service Mesh version support tables" to identify the supported Istio version for each Operator release.
1.2. Understanding Operator updates and channels
The Operator Lifecycle Manager (OLM) manages Operators and their associated services by using channels to organize and distribute updates. Channels are a way to group related updates.
To ensure that your OpenShift Service Mesh stays current with the latest security patches, bug fixes, and software updates, keep the OpenShift Service Mesh Operator up to date. The upgrade process depends on the configured channel and approval strategy.
OLM provides the following channels for the OpenShift Service Mesh Operator:
- Stable channel: tracks the most recent version of the OpenShift Service Mesh 3 Operator and the latest supported version of Istio. This channel enables upgrades to new operator versions and corresponding Istio updates as soon as they are released. Use the stable channel to stay current with the latest features, bug fixes, and security updates.
-
Versioned channel: restricts updates to patch-level releases within a specific minor version. For example,
stable-3.0provides access to the latest3.2.0patch version. When a new patch release becomes available, you can upgrade the Operator to the newer patch version. To move to a newer minor release, you must manually switch to a different channel. You can use a versioned channel to maintain a consistent minor version while applying only patch updates.
You can find the update strategy field in the Install Operator section and under the sub-section update approval. The default value for the update strategy is Automatic.
1.2.1. About Operator update process
The OpenShift Service Mesh Operator will upgrade automatically to the latest available version based on the selected channel when the approval strategy field is set to Automatic (default). If the approval strategy field is set to Manual, Operator Lifecycle Manager (OLM) will generate an update request, which a cluster administrator must approve to update the Operator to the latest version.
The Operator update process does not automatically update the Istio control plane unless the Istio resource version is set to an alias (for example, vX.Y-latest) and the updateStrategy is set to InPlace. This triggers a control plane update when a new version is available in the Operator. By default, the Operator will not update the Istio control plane unless the Istio resource is updated with a new version.
1.2.2. About Istio update process
After updating the OpenShift Service Mesh Operator, update the Istio control plane to the latest supported version. The Istio resource configuration determines how the control plane upgrade is performed, including which steps require manual action and which are handled automatically.
The Istio resource configuration includes the following fields that are relevant to the upgrade process:
spec.version-
specifies the version of Istio to install. Use the format
vX.Y.Z, whereX.Y.Zis the desired Istio release. For example, set the field tov1.24.4to install Istio1.24.4. Alternatively, set the value to an alias such asvX.Y-latestto automatically install the latest supported patch version for the specified minor release. spec.updateStrategy-
defines the strategy for updating the Istio control plane. The available update strategies are
InPlaceandRevisionBased.
To enable automatic patch upgrades, set the approval strategy of the Operator to Automatic. When the Operator detects a new patch release and the version field uses the vX.Y-latest alias, the control plane is updated based on the configured updateStrategy type.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}